Security firm Checkmarx revealed that it has discovered vulnerabilities in the dating app ‘Tinder’ that may compromise the privacy of its users. The company says the problem stems from Tinder’s decision not to use HTTPS, a security protocol that would encrypt photos, in its Android and iOS apps.
The vulnerabilities, found in both the app’s Android and iOS versions, allow an attacker using the same network as the user to monitor the user’s every move on the app. It is also possible for an attacker to take control of the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other types of malicious content.
While no credential theft and no immediate financial impact are involved in this process, an attacker targeting a vulnerable user can blackmail the victim, threatening to expose highly private information from the user’s Tinder profile and actions in the app.
(Photo source: Facebook – @tinder)